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DETAILED ACTION 



1. Claims 1-3, 5-9, 12-13, 15-18. and 21-22 are pending. Claims 12 and 13 are 
withdrawn from further consideration. 

Election/Restrictions 

2. Applicant's election without traverse of Group I claims 1-3, 5-8, 15-18, and 21-22 
in the reply filed on 8/13/2007 is acknowledged. 



Claim Rejections - 35 USC § 102 



The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21 (2) 
of such treaty in the English language. 

3. Claims 1 and 9 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Chirashnya et al US PGPub 2002/0019870. 
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4. With regards to claim 1, Chirashnya teaches a storage subsystem which is 
connected to a host computer through a communication line (Chirashnya, paragraph 

0047, node comprised of storage subsystem connected to network), comprising an 
interface which is used for connecting to said communication line (Chirashnya, 
paragraph 0047, nodes Interconnected by switches), wherein, said interface comprises 
a first filter which judges, on the occasion of having received communication packets 
from said communication line, whether there is a communication packet with a 
predetermined format for use in an access to said storage subsystem, among the 
communication packets (Chirashnya, paragraph 0047, monitors look for packet 
corruption); wherein said interface further comprises a traffic measuring and judging unit 
which measures traffic of all communication packets received in the interface, and traffic 
of a communication packet judged not to be the packet with said format in said first 
filter, respectively (Chirashnya, paragraph 0047, monitors look for packet corruption, 
paragraph 0059, look for greater failure rate than expected, paragraph 0073, paragraph 
0074), and by using the both traffics, judges whether a communication failure is 
generated or not (Chirashnya, paragraph 0047, monitors look for packet corruption), 
and a communication failure alerting unit which alerts a management server connected 
to said storage subsystem (Chirashnya, paragraph 0047. generates alamn, paragraph 

0048, alarms are sent to primary node) and comprises a function of displaying 
information alerted, in case that it is judged that a communication failure is generated In 
said traffic measuring and judging unit (Chirashnya, paragraph 0069, receive alarms 
and generate recommendations, paragraph 0059, user Interface). 
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5. With regards to claim 9, Chirashnya teaches a computer readable storage 
medium including a program for a computer mounted on a storage subsystem 
connected to a host computer through a communication line (Chirashnya, paragraph 
0047, node comprised of storage subsystem connected to network), the program 
comprising: code for connecting to said communication line (Chirashnya, paragraph 
0047, nodes interconnected by switches); code forjudging, on the occasion of having 
received communication packets from said communication line through connecting to 
said communication line, whether there is a communication packet with a 
predetermined format for use in an access to said storage subsystem, among the 
communication packets (Chirashnya, paragraph 0047, monitors look for packet 
corruption); code for receiving the communication packet judged to be for said access in 
said judging, and judges whether it is a communication packet permitted to access to a 
storage area in said storage subsystem and transmitted from said host computer or not 
(Chirashnya, paragraph 0047, monitors look for packet corruption); code, for measuring 
traffic of all communication packets received in connecting to said communication line, 
and traffic of a communication packet judged not to be the packet with said format in 
said first filter, respectively, and by using the both traffics, judging whether a 
communication failure is generated or not (Chirashnya, paragraph 0047, monitors look 
for packet corruption, paragraph 0059, look for greater failure rate than expected, 
paragraph 0073. paragraph 0074); and code for alerting a management server 
connected to said storage subsystem and displaying information alerted, in case that it 
is judged that a communication failure is generated in measuring said traffic of all 
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communications packets received in connecting to said communication line 
(Cfiirasiinya, paragraph 0069, receive alarms and generate recommendations, 
paragraph 0059, user interface). 

Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and ' 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 2-3, 5-7 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Chirashnya et al US PGPub 2002/001 9870 in view of Yoshida et a! US Patent No. 
6,622.220. 

7. VVith regards to claim 2, Chirashnya fails to teach said interface further 
comprises a second filter which receives the communication packet judged to be for 
said access in said first filter, and judges whether it is a communication packet 
permitted to access to a storage area in said storage subsystem and transmitted from 
said host computer or not. However, Yoshida teaches said interface further comprises 
a second filter which receives the communication packet judged to be for said access in 
said first filter, and judges whether it is a communication packet permitted to access to a 
storage area in said storage subsystem and transmitted from said host computer or not 
(Yoshida, column 4 lines 6-26, determines if permission to access network storage 
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device should be granted). At the time the invention was made, it would have been 
obvious to a person of ordinary skill in the art to utilize Yoshida's method of determining 
access rights with Chriashnya's network diagnostic system because it offers the 
advantage of improving the security of network storage devices by preventing 
impersonation attacks (Yoshida, columri 2 lines 4-10 and column 6 lines 1-26). 

8. With regards to claim 3, Chirashnya as modified teaches that wherein, in case 
that said host computer is permitted to access to said storage subsystem, said interface 
further comprises an access permission table having information which uniquely 
specifies the host computer (Yoshida, column 5 lines 1-20, client access permissions, 
column 6 lines 25-35, access control list), and information which specifies a storage 
area in said storage subsystem to which the host computer is permitted to access, and 
said second filter judges whether a communication packet judged to be for use in said 
access Is transmitted from the host computer permitted to access or not, In accordance 
with infomiatlon stored in said access permission table (Yoshida, column 5 lines 10-25, 
validates requests on a per packet basis In view of the client access permissions). 

9. With regards to claim 5, Chirashnya teaches said traffic measuring and judging 
unit further measures traffic of a communication packet, and by using the traffic and 
said traffic of all communication packets, further judges whether a communication 
failure is generated or not (Chirashnya, paragraph 0047, monitors look for packet 
corruption, paragraph 0059, look for greater failure rate than expected), but falls to 
teach the communication packet being one that is judged not to be the communication 
packet transmitted from said host computer which Is permitted to access In said second 
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filter. However. Yoshida teaches the communication packet being one that is judged 
not to be the communication packet transmitted from said host computer which is 
permitted to access in said second filter (Yoshida, column 9 lines 55-67, table 1, if 
packet not permitted, trigger alarm). At the time the invention was made, it would have 
been obvious to a person of ordinary skill in the art to utilize Yoshida's method of 
determining access rights with Chriashnya's network diagnostic system because it 
offers the advantage of improving the security of network storage devices by preventing 
impersonation attacks (Yoshida, column 2 lines 4-10 and column 6 lines 1-26). 

10. With regards to claim 6, Chirashnya as modified teaches said interface further 
comprises a traffic log recording unit which records, as a traffic log, communication 
information of a communication packet judged not to be the communication packet with 
said format in said first filter and a communication packet judged not to be the 
communication packet transmitted from said host computer permitted to access in the 
second filter (Yoshida, column 9 lines 55-67. table 1, log the denied storage request, 
Chirashnya, paragraphs 0047-0048, event collection of packet corruption). 

1 1 . With regards to claim 7, Chirashnya as modified teaches a management server 
connected to the storage subsystem according to claim 6 (Chirashnya, paragraph 0048, 
management functions in primary node), wherein, an improper communication source 
analyzing unit which refers to said traffic log, in case that it is alerted from a 
communication failure alerting unit of said storage subsystem that a communication 
failure is generated, and searches a source of said communication packet causes the 
communication failure (Yoshida, column 9 lines 55-67, table 1, log the denied storage 
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request, Chirashnya, paragraph 0059, look for greater failure rate than expected from 
stored statistics). 

12. Claims 8 and 15-18 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Chirashnya et al US PGPub 2002/0019870 and Yoshida et al US Patent No. 
6,622,220, as applied to claim 7 above, and in further view of Gleichauf US Patent No. 
7,137,145. 

13. With regards to ciaim 8, Chirashnya as modified fails to teach a relay device 
control unit which controls, based on information of a source searched in said improper 
communication source analyzing unit, a relay device which relays communication to 
said storage subsystem disposed on said communication line so as to cut off 
communication from the source. However, Gleichauf teaches a relay device control unit 
which controls, based on information of a source searched in said improper 
communication source analyzing unit, a relay device which relays communication to 
said storage subsystem disposed on said communication line so as to cut off 
communication from the source (Gleichauf, column 8 lines 18-27, records numbers of 
attempts to break firewall, column 9 lines 1-30, pattern or data matching, column 13 
lines 15-20, communication may be disabled). At the time the invention was made, it 
would have been obvious to a person of ordinary skill in the art to utilize Gleichauf s 
method of cutting off communications because it offers the advantage of allowing the 
isolation of an invective or attacking network element thus reducing the danger of loss 
of data or system integrity (Gleichauf, column 1 lines 40-55, column 2 lines 45-60). 
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14. With regards to claim 15, Chirashnya teaches a storage system in wliich a 
storage subsystem, a host computer, and a management server are connected by a 
communication line (Chirashnya, paragraph 0048, management functions in primary 
node, paragraph 0047, node comprised of storage subsystem connected to network), 
wherein, said storage subsystem comprises an interface which connects to said 
communication line, and said interface comprises, a first filter which judges, on the 
occasion of having received communication packets from said communication line, 
whether there is a communication packet with a predetermined format for use in an 
access to said storage subsystem, among the communication packets (Chirashnya, 
paragraph 0047, monitors look for packet corruption), a traffic measuring and judging 
unit which measures traffic of all communication packets received in the interface, and 
traffic of a communication packet judged not to be the packet with said format, 
respectively, and by using the both traffics, judges whether a communication failure is 
generated or not (Chirashnya, paragraph 0047, monitors look for packet corruption, 
paragraph 0059, look for greater failure rate than expected, paragraph 0073, paragraph 
0074), a communication failure alerting unit which alerts said management server, in 
case that it is judged that a communication failure is generated in said traffic measuring 
and judging unit (Chirashnya, paragraph 0047, generates alarm, paragraph 0048, 
alarms are sent to primary node), and a traffic log recording unit which records, as a 
traffic log, communication information of a communication packet judged not to be the 
communication packet with said format in said first filter and a communication packet 
judged not to be the communication packet transmitted from said host computer 
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permitted to access in ttie second filter (Chirashnya, paragraph 0047, monitors look for 
packet corruption, paragraph 0059, look for greater failure rate than expected), and said 
management server comprises a display device which displays the alert received from 
said communication failure alerting unit (Chirashnya, paragraph 0069, receive alarms 
and generate recommendations, paragraph 0059, user interface), and referring to traffic 
logs to determine the source of failures (Chirashnya, paragraphs 0047-0048, event 
collection of packet corruption, paragraph 0059, look for greater failure rate than 
expected). Chirashnya fails to teach a second filter, traffic log for communications 
relating to the second filter, or an improper communication source-analyzing unit. 
However, Yoshida teaches a second filter which receives the communication packet 
judged to be for said access in said first filter, and judges whether it is a communication 
packet permitted to access to a storage area in said storage subsystem and transmitted 
from said host computer or not (Yoshida, column 4 lines 6-26, determines if permission 
to access network storage device should be granted) and an improper communication 
source analyzing unit that is alerted from a communication failure alerting unit of said 
storage subsystem that a communication failure is generated (Yoshida, column 9 lines 
55-67, table 1, log the denied storage request), and a traffic log of communication 
failures of the second filter (Yoshida, column 9 lines 55-67, table 1, log the denied 
storage request). In addition, Gleichauf teaches a relay device control unit which 
controls, based on information of a source searched in said improper communication 
source analyzing unit, a relay device which relays communication to said storage 
subsystem disposed on said communication line so as to cut off communication from 
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the source (Gleichauf, column 8 lines 18-27, records numbers of attempts to break 
firewall, column 9 lines 1-30, pattern or data matching, column 13 lines 15-20, 
communication may be disabled). At the time the invention was made, it would have 
been obvious to a person of ordinary skill in the art to utilize Yoshida's method of 
determining access rights and Gleichauf s security system with Chriashnya's network 
diagnostic system because it offers the advantage of improving the security of network 
storage devices by preventing impersonation attacks (Yoshida, column 2 lines 4-10 and 
column 6 lines 1-26) and allowing the isolation of an invective or attacking network . 
element thus reducing the danger of loss of data or system integrity (Gleichauf, column 
1 lines 40-55, column 2 lines 45-60). 

15. With regards to claim 16, Chirashnya as modified teaches that said host 
computer is permitted to access to said storage subsystem, said interface further 
comprises an access permission table having information which uniquely specifies the 
host computer (Yoshida, column 5 lines 1-20, client access permissions, column 6 lines 
25-35, access control list), and information which specifies a storage area in said 
storage subsystem to which the host computer is permitted to access, and said second 
filter judges whether a communication packet judged to be for use in said access, is 
transmitted from the host computer permitted to access or not, in accordance with 
information stored in said access permission table (Yoshida, column 5 lines 10-25, 
validates requests on a per packet basis in view of the client access permissions). 

16. With regards to claim 17, Chirashnya teaches said traffic measuring and 
judging unit further measures traffic of a communication packet judged not to be the 



Application/Control Number: 10/791,452 Page 12 

Art Unit: 2134 

communication packet transmitted from said host computer permitted to access in said 
second filter, and by using the traffic and said traffic of all communication packets, 
further judges whether a communication failure is generated or not (Chirashnya, 
paragraph 0047, monitors look for packet corruption, paragraph 0059, look for greater 
failure rate than expected). 

17. With regards to claim 18, Chirashnya teaches said traffic measuring and 
judging unit further measures traffic of a communication packet judged to be the 
communication packet transmitted from said host computer permitted to access in said 
second filter (Chirashnya, paragraph 0047, monitors look for packet corruption, 
paragraph 0059, look for greater failure rate than expected, Yoshida, column 5 lines 1- 
20, client access permissions, column 6 lines 25-35, access control list), and by using 
the traffic and said traffic of all communication packets, judges whether a value of a. 
ratio of traffic of a communication packet transmitted from said host computer permitted 
to access to traffic of all communication packets is less than a predetermined value or 
not (Chirashnya, paragraph 0047, monitors look for packet corruption, paragraph 0059, 
look for greater failure rate than expected, Yoshida, column 5 lines 1-20, client access 
permissions, column 6 lines 25-35, access control list), and said communication failure 
alerting unit alerts said management server of the alert which indicates that second 
communication failure is generated (Chirashnya, paragraph 0069, receive alarms and 
generate recommendations, paragraph 0059, user interface), in case that it is judged 
that the value of the ratio is less than the predetermined value in the traffic measuring 
and judging unit, and said management server further comprises a QoS condition 
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designating unit wliich, in case of having received the alert which indicates that the 
second communication failure is generated from said communication failure alerting 
unit, readjusts a network QoS between said storage subsystem and said host computer, 
which has been set up in advance by an administrator (Chirashnya, paragraph 0063- 
0064, determines fault condition and automatically invokes procedure to determine if 
fault exists, Gleichauf, column 13 lines 15-20, communication may be disabled). 

18. Claim 21 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Chirashnya et al US PGPub 2002/0019870 in view of Blightman et al US Patent No. 
7.185.266. 

1 9. With regards to claim 21 , Chirashnya fails to teach a header of the 
communication packet with the predetermined format includes information which shows 
that an iSCSI command is encapsulated in the communication packet. However, 
Blightman teaches a header of the communication packet with the predetermined 
format includes information which shows that an iSCSI command is encapsulated in the 
communication packet (Blightman. column 14 lines 55-65, iSCSI header). At the time 
the invention was made, it would have been obvious to a person of ordinary skill in the 
art to utilize Blightman's iSCSI method because it offers the advantage of providing a 
standard network storage protocol that allows for detecting of errors (Blightman, column 
2 lines 54-67, column 1 lines 35-50). 
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20. Claim 22 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Chirashnya et al US PGPub 2002/0019870, Yoshida et a! US Patent No. 6,622,220, 
and Gleichauf US Patent No. 7,137,145, as applied to claim 18 above, and in further 
view of Blightman et al US Patent No. 7,185,266. 

21 . With regards to claim 22, Chirashnya as modified fails to teach a header of the 
communication packet with the predetermined format includes information which shows 
that an iSCSI command is encapsulated in the communication packet. However, 
Blightman teaches a header of the conrimunication packet with the predetermined 
format includes information which shows that an iSCSI command is encapsulated in the 
communication packet (Blightman, column 14 lines 55-65, iSCSI header). At the time 
the invention was made, it would have been obvious to a person of ordinary skill in the 
art to utilize Blightman's iSCSI method because it offers the advantage of providing a 
standard network storage protocol that allows for detecting of errors (Blightman, column 
2 lines 54-67, column 1 lines 35-50). 

Conclusion 

22. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

23. Schwarm et al US PGPub 2004/0153749 discloses a redundant multi processor 
and logical processor configuration for a file server. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Andrew L. Nalven whose telephone number is 571 272 
3839. The examiner can normally be reached on Monday - Thursday 8-6, Alternate 
Fridays. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on 571 272 381 1 . The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-directuspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 




